fix go check issues
1. Fix GoSec G404: Use of weak random number generator (math/rand instead of crypto/rand)
2. Fix Static check ST1019: package "github.com/sirupsen/logrus" is being imported more than once

Signed-off-by: Wang Yan <wangyan@vmware.com>
parent
6248a88d03
commit
f637481c67
3 changed files with 38 additions and 25 deletions
|
@ -2,9 +2,10 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/rand"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"flag"
|
"flag"
|
||||||
"math/rand"
|
"math/big"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -141,8 +142,15 @@ const refreshTokenLength = 15
|
||||||
|
|
||||||
func newRefreshToken() string {
|
func newRefreshToken() string {
|
||||||
s := make([]rune, refreshTokenLength)
|
s := make([]rune, refreshTokenLength)
|
||||||
|
max := int64(len(refreshCharacters))
|
||||||
for i := range s {
|
for i := range s {
|
||||||
s[i] = refreshCharacters[rand.Intn(len(refreshCharacters))]
|
randInt, err := rand.Int(rand.Reader, big.NewInt(max))
|
||||||
|
// let '0' serves the failure case
|
||||||
|
if err != nil {
|
||||||
|
logrus.Infof("Error on making refersh token: %v", err)
|
||||||
|
randInt = big.NewInt(0)
|
||||||
|
}
|
||||||
|
s[i] = refreshCharacters[randInt.Int64()]
|
||||||
}
|
}
|
||||||
return string(s)
|
return string(s)
|
||||||
}
|
}
|
||||||
|
|
|
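Review bot: In newRefreshToken the error branch falls back to `big.NewInt(0)`, so when crypto/rand fails each failed draw becomes `refreshCharacters[0]` and the result is still returned as a valid refresh token, with only an Info-level log line as evidence. A refresh token is a credential, so this path should fail closed rather than degrade: replace the fallback with `logrus.Panicf("could not generate refresh token: %v", err)`, which matches how configureSecret in the handlers package treats the same failure, or change the signature to return `(string, error)` so the caller can reject the request (the callers are outside this hunk). The log text also misspells "refresh" as "refersh", and the local `max` shadows the builtin on Go 1.21 and later; a name such as `limit` avoids that.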
@ -2,10 +2,11 @@ package handlers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
cryptorand "crypto/rand"
|
"crypto/rand"
|
||||||
"expvar"
|
"expvar"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/rand"
|
"math"
|
||||||
|
"math/big"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -612,7 +613,7 @@ func (app *App) configureLogHook(configuration *configuration.Configuration) {
|
||||||
func (app *App) configureSecret(configuration *configuration.Configuration) {
|
func (app *App) configureSecret(configuration *configuration.Configuration) {
|
||||||
if configuration.HTTP.Secret == "" {
|
if configuration.HTTP.Secret == "" {
|
||||||
var secretBytes [randomSecretSize]byte
|
var secretBytes [randomSecretSize]byte
|
||||||
if _, err := cryptorand.Read(secretBytes[:]); err != nil {
|
if _, err := rand.Read(secretBytes[:]); err != nil {
|
||||||
panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
|
panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
|
||||||
}
|
}
|
||||||
configuration.HTTP.Secret = string(secretBytes[:])
|
configuration.HTTP.Secret = string(secretBytes[:])
|
||||||
|
@ -1062,8 +1063,13 @@ func startUploadPurger(ctx context.Context, storageDriver storagedriver.StorageD
|
||||||
}
|
}
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
rand.Seed(time.Now().Unix())
|
randInt, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
|
||||||
jitter := time.Duration(rand.Int()%60) * time.Minute
|
if err != nil {
|
||||||
|
log.Infof("Failed to generate random jitter: %v", err)
|
||||||
|
// sleep 30min for failure case
|
||||||
|
randInt = big.NewInt(30)
|
||||||
|
}
|
||||||
|
jitter := time.Duration(randInt.Int64()%60) * time.Minute
|
||||||
log.Infof("Starting upload purge in %s", jitter)
|
log.Infof("Starting upload purge in %s", jitter)
|
||||||
time.Sleep(jitter)
|
time.Sleep(jitter)
|
||||||
|
|
||||||
|
|
|
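Review bot: In the startUploadPurger goroutine the jitter is drawn from [0, math.MaxInt64) and then reduced with `% 60`, which is a roundabout way to get a minute count. `randInt, err := rand.Int(rand.Reader, big.NewInt(60))` yields the value directly, lets the later line become `time.Duration(randInt.Int64()) * time.Minute`, and, if nothing else in the file uses it, removes the need for the new `math` import. The jitter only spreads out purge start times and is not a secret, so the fixed 30-minute fallback is reasonable, but the failure would be easier to spot if logged at Warn level rather than Info. Both the goroutine and startUploadPurger continue outside the hunk.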
@ -20,7 +20,6 @@ import (
|
||||||
"github.com/docker/go-metrics"
|
"github.com/docker/go-metrics"
|
||||||
gorhandlers "github.com/gorilla/handlers"
|
gorhandlers "github.com/gorilla/handlers"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
log "github.com/sirupsen/logrus"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/yvasiyarov/gorelic"
|
"github.com/yvasiyarov/gorelic"
|
||||||
"golang.org/x/crypto/acme"
|
"golang.org/x/crypto/acme"
|
||||||
|
@ -111,16 +110,16 @@ var ServeCmd = &cobra.Command{
|
||||||
|
|
||||||
if config.HTTP.Debug.Addr != "" {
|
if config.HTTP.Debug.Addr != "" {
|
||||||
go func(addr string) {
|
go func(addr string) {
|
||||||
log.Infof("debug server listening %v", addr)
|
logrus.Infof("debug server listening %v", addr)
|
||||||
if err := http.ListenAndServe(addr, nil); err != nil {
|
if err := http.ListenAndServe(addr, nil); err != nil {
|
||||||
log.Fatalf("error listening on debug interface: %v", err)
|
logrus.Fatalf("error listening on debug interface: %v", err)
|
||||||
}
|
}
|
||||||
}(config.HTTP.Debug.Addr)
|
}(config.HTTP.Debug.Addr)
|
||||||
}
|
}
|
||||||
|
|
||||||
registry, err := NewRegistry(ctx, config)
|
registry, err := NewRegistry(ctx, config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln(err)
|
logrus.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.HTTP.Debug.Prometheus.Enabled {
|
if config.HTTP.Debug.Prometheus.Enabled {
|
||||||
|
@ -128,12 +127,12 @@ var ServeCmd = &cobra.Command{
|
||||||
if path == "" {
|
if path == "" {
|
||||||
path = "/metrics"
|
path = "/metrics"
|
||||||
}
|
}
|
||||||
log.Info("providing prometheus metrics on ", path)
|
logrus.Info("providing prometheus metrics on ", path)
|
||||||
http.Handle(path, metrics.Handler())
|
http.Handle(path, metrics.Handler())
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = registry.ListenAndServe(); err != nil {
|
if err = registry.ListenAndServe(); err != nil {
|
||||||
log.Fatalln(err)
|
logrus.Fatalln(err)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -344,7 +343,7 @@ func configureReporting(app *handlers.App) http.Handler {
|
||||||
// configureLogging prepares the context with a logger using the
|
// configureLogging prepares the context with a logger using the
|
||||||
// configuration.
|
// configuration.
|
||||||
func configureLogging(ctx context.Context, config *configuration.Configuration) (context.Context, error) {
|
func configureLogging(ctx context.Context, config *configuration.Configuration) (context.Context, error) {
|
||||||
log.SetLevel(logLevel(config.Log.Level))
|
logrus.SetLevel(logLevel(config.Log.Level))
|
||||||
|
|
||||||
formatter := config.Log.Formatter
|
formatter := config.Log.Formatter
|
||||||
if formatter == "" {
|
if formatter == "" {
|
||||||
|
@ -353,16 +352,16 @@ func configureLogging(ctx context.Context, config *configuration.Configuration)
|
||||||
|
|
||||||
switch formatter {
|
switch formatter {
|
||||||
case "json":
|
case "json":
|
||||||
log.SetFormatter(&log.JSONFormatter{
|
logrus.SetFormatter(&logrus.JSONFormatter{
|
||||||
TimestampFormat: time.RFC3339Nano,
|
TimestampFormat: time.RFC3339Nano,
|
||||||
DisableHTMLEscape: true,
|
DisableHTMLEscape: true,
|
||||||
})
|
})
|
||||||
case "text":
|
case "text":
|
||||||
log.SetFormatter(&log.TextFormatter{
|
logrus.SetFormatter(&logrus.TextFormatter{
|
||||||
TimestampFormat: time.RFC3339Nano,
|
TimestampFormat: time.RFC3339Nano,
|
||||||
})
|
})
|
||||||
case "logstash":
|
case "logstash":
|
||||||
log.SetFormatter(&logstash.LogstashFormatter{
|
logrus.SetFormatter(&logstash.LogstashFormatter{
|
||||||
Formatter: &logrus.JSONFormatter{TimestampFormat: time.RFC3339Nano},
|
Formatter: &logrus.JSONFormatter{TimestampFormat: time.RFC3339Nano},
|
||||||
})
|
})
|
||||||
default:
|
default:
|
||||||
|
@ -373,7 +372,7 @@ func configureLogging(ctx context.Context, config *configuration.Configuration)
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.Log.Formatter != "" {
|
if config.Log.Formatter != "" {
|
||||||
log.Debugf("using %q logging formatter", config.Log.Formatter)
|
logrus.Debugf("using %q logging formatter", config.Log.Formatter)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(config.Log.Fields) > 0 {
|
if len(config.Log.Fields) > 0 {
|
||||||
|
@ -391,11 +390,11 @@ func configureLogging(ctx context.Context, config *configuration.Configuration)
|
||||||
return ctx, nil
|
return ctx, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func logLevel(level configuration.Loglevel) log.Level {
|
func logLevel(level configuration.Loglevel) logrus.Level {
|
||||||
l, err := log.ParseLevel(string(level))
|
l, err := logrus.ParseLevel(string(level))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l = log.InfoLevel
|
l = logrus.InfoLevel
|
||||||
log.Warnf("error parsing level %q: %v, using %q ", level, err, l)
|
logrus.Warnf("error parsing level %q: %v, using %q ", level, err, l)
|
||||||
}
|
}
|
||||||
|
|
||||||
return l
|
return l
|
||||||
|
@ -421,10 +420,10 @@ func configureBugsnag(config *configuration.Configuration) {
|
||||||
// configure logrus bugsnag hook
|
// configure logrus bugsnag hook
|
||||||
hook, err := logrus_bugsnag.NewBugsnagHook()
|
hook, err := logrus_bugsnag.NewBugsnagHook()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalln(err)
|
logrus.Fatalln(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
log.AddHook(hook)
|
logrus.AddHook(hook)
|
||||||
}
|
}
|
||||||
|
|
||||||
// panicHandler add an HTTP handler to web app. The handler recover the happening
|
// panicHandler add an HTTP handler to web app. The handler recover the happening
|
||||||
|
@ -434,7 +433,7 @@ func panicHandler(handler http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
defer func() {
|
defer func() {
|
||||||
if err := recover(); err != nil {
|
if err := recover(); err != nil {
|
||||||
log.Panic(fmt.Sprintf("%v", err))
|
logrus.Panic(fmt.Sprintf("%v", err))
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
handler.ServeHTTP(w, r)
|
handler.ServeHTTP(w, r)
|
||||||
|
|